Wednesday, June 11, 2014

Dual boot Kali and a TrueCrypt Encrypted Windows using Multiple Hard drives

In spite of all of the bad press surrounding TrueCrypt lately, which I believe is really a warrant canary, I use TrueCrypt 7.1a's full disk encryption for the Windows installation on my desktop. I also have Kali Linux installed on a separate solid state drive for my... research.

If you have ever tried to get TrueCrypt and grub to play nicely, you probably are aware that it is an absolute pain in the ass.

I tried following this guide, but when I tried to boot my TrueCrypt encrypted Windows, I kept receiving the error that grub "can not find the right disk" and that "the kernel should be loaded first". Well, I got it to work, and for the sanity of myself and others, I will post my solution here.


My architecture

In my case, I have a total of 3 hard drives: one solid state drive that has Windows 7 installed on it with full disk encryption via TrueCrypt, a larger hard drive with multiple fully encrypted partitions that can be used by either my Kali installation or my Windows installation (depending on the partition, I just have them automounted on boot), and a second solid state drive with my dedicated Kali Linux installation. Finally, I am relying on grub to do the bootloading between the two operating systems.

Here is the output of fdisk -l for your reference:
 root@und3rf10w:~# fdisk -l  
 Disk /dev/sdc: 1000.2 GB, 1000204886016 bytes  
 255 heads, 63 sectors/track, 121601 cylinders, total 1953525168 sectors  
 Units = sectors of 1 * 512 = 512 bytes  
 Sector size (logical/physical): 512 bytes / 512 bytes  
 I/O size (minimum/optimal): 512 bytes / 512 bytes  
 Disk identifier: 0x13e22e1f  
   Device Boot   Start     End   Blocks  Id System  
 /dev/sdc1  *    2048  493293567  246645760  7 HPFS/NTFS/exFAT  
 /dev/sdc2    493295616 1953519615  730112000  7 HPFS/NTFS/exFAT  
 Disk /dev/sda: 120.0 GB, 120034123776 bytes  
 255 heads, 63 sectors/track, 14593 cylinders, total 234441648 sectors  
 Units = sectors of 1 * 512 = 512 bytes  
 Sector size (logical/physical): 512 bytes / 512 bytes  
 I/O size (minimum/optimal): 512 bytes / 512 bytes  
 Disk identifier: 0xa29ca83d  
   Device Boot   Start     End   Blocks  Id System  
 /dev/sda1  *    2048   206847   102400  7 HPFS/NTFS/exFAT  
 /dev/sda2     206848  234438655  117115904  7 HPFS/NTFS/exFAT  
 Disk /dev/sdb: 128.0 GB, 128035676160 bytes  
 255 heads, 63 sectors/track, 15566 cylinders, total 250069680 sectors  
 Units = sectors of 1 * 512 = 512 bytes  
 Sector size (logical/physical): 512 bytes / 512 bytes  
 I/O size (minimum/optimal): 512 bytes / 512 bytes  
 Disk identifier: 0x0006aa81  
   Device Boot   Start     End   Blocks  Id System  
 /dev/sdb1  *    2048   1953791   975872  83 Linux  
 /dev/sdb2     1955838  250068991  124056577  5 Extended  
 /dev/sdb5     1955840  234375167  116209664  83 Linux  
 /dev/sdb6    234377216  250068991   7845888  82 Linux

  • /dev/sdc is my storage hard drive
  • /dev/sda is my encrypted Windows installation
  • /dev/sdb is my Kali installation
    • /dev/sdb1 is mounted to /boot and is where I installed grub
    • /dev/sdb5 is mounted to /
    • /dev/sdb6 is my swap partition

The Setup

First, I installed Windows and encrypted it using TrueCrypt. Remember to save your TrueCrypt rescue disk to a USB drive so that we can have grub load it.

Second, I installed Kali using the above partitioning scheme. Technically, you could configure it to use LVM, but that's outside the scope of this post.

Kali comes with the syslinux package installed already, so we simply need to copy its memdisk image over to /boot so that it can be loaded by grub.
 root@und3rf10w:~# cp /usr/lib/syslinux/memdisk /boot/  

Next, copy over your TrueCrypt rescue disk to /boot.
 root@und3rf10w:~# cp /media/USBDRIVE/files/truecrypt-rescue-disk.iso /boot/  

We must now determine the UUID of our /boot partition. This can be done by reading /etc/fstab where XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX in this example is your UUID.
 root@und3rf10w:~# cat /etc/fstab |grep /boot  
 # /boot was on /dev/sdb1 during installation  
 UUID=XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX /boot      ext4  defaults    0    2  

Finally, we must edit /etc/grub.d/40_custom where XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX in this example is your UUID from before.
 root@und3rf10w:~# vim /etc/grub.d/40_custom   
 #!/bin/sh  
 exec tail -n +3 $0  
 # This file provides an easy way to add custom menu entries. Simply type the  
 # menu entries you want to add after this comment. Be careful not to change  
 # the 'exec tail' line above.  
 menuentry "Windows NT 6.1" {  
     insmod part_msdos  
     insmod loopback
     insmod fat  
     insmod ext2  
     insmod search_fs_uuid  
     search --fs-uuid --no-floppy --set=boot XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX  
     linux16 ($boot)/memdisk iso raw  
     initrd16 ($boot)/truecrypt-rescue-disk.iso  
 }  

Now, to apply the changes to grub, we must regenerate grub.cfg.
 root@und3rf10w:~# grub-mkconfig -o /boot/grub/grub.cfg  
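
The steps above can be checked before rebooting. The script below is an added example, not part of the original post: it reads the /boot UUID from an fstab file, rejects the unedited XXXXXXXX-... placeholder, confirms memdisk and the rescue ISO are where the entry expects them, and prints the menu entry. The function names and the sample UUID are constructed for illustration.

```bash
#!/bin/bash
# Added example; function names and sample data are constructed for illustration.

# Print the UUID of the filesystem mounted at /boot, from the fstab file in $1.
boot_uuid() {
    awk '$1 ~ /^UUID=/ && $2 == "/boot" { sub(/^UUID=/, "", $1); print $1; exit }' "$1"
}

# Succeed only for an 8-4-4-4-12 hex UUID; the XXXXXXXX-... placeholder fails.
valid_uuid() {
    printf '%s\n' "$1" | grep -Eq '^[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}$'
}

# Succeed only if memdisk and the rescue ISO ($2) are both present in dir $1.
boot_files_present() {
    [ -f "$1/memdisk" ] && [ -f "$1/$2" ]
}

# Print the 40_custom menu entry for UUID $1 and ISO file name $2.
make_entry() {
    valid_uuid "$1" || { echo "not a filesystem UUID: $1" >&2; return 1; }
    cat <<EOF
menuentry "Windows NT 6.1" {
    insmod part_msdos
    insmod loopback
    insmod fat
    insmod ext2
    insmod search_fs_uuid
    search --fs-uuid --no-floppy --set=boot $1
    linux16 (\$boot)/memdisk iso raw
    initrd16 (\$boot)/$2
}
EOF
}

# Constructed sample: an fstab with a made-up UUID, written to a temp file.
demo() {
    tmp=$(mktemp)
    printf '%s\n' '# /boot was on /dev/sdb1 during installation' \
        'UUID=0f1e2d3c-4b5a-6978-8796-a5b4c3d2e1f0 /boot ext4 defaults 0 2' > "$tmp"
    make_entry "$(boot_uuid "$tmp")" truecrypt-rescue-disk.iso
    rm -f "$tmp"
}
demo
```

On a real system, point boot_uuid at /etc/fstab and boot_files_present at /boot, then paste the printed entry below the comment block in /etc/grub.d/40_custom.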

Now when you reboot, select your Windows entry from the grub menu. If everything went well, you should see the TrueCrypt rescue disk interface! Thing is, when you enter your password, it will more than likely fail due to the headers getting messed up during the transition. Thankfully, this can be restored. Simply press [F8], choose option 3 to repair the key, accept the writing, and press [ESC]; you will be returned to the password prompt. Enter your decryption password and you should be able to boot into your encrypted Windows installation.

These are the steps that worked for me; however, I can make no guarantee that they will work for you.
